Update loss of availability assessment on a process
Document the potential consequences for the data subject (the individual whose information is collected and processed) if the personal information in this business process cannot be accessed due to an incident (the incident could be a hacking attack or a system breakdown) – and assess the probability of incidents where availability to personal information is lost.
Click the edit icon on the right-hand side to select the appropriate level of consequences and probabilities
Choose between ‘Very High’, ‘High’, ‘Low’, ‘Very Low’ consequence for the data subject.
When assessing the consequence, consideration may be given to whether the data subject’s freedom of action is limited or whether loss of access to his/hers own personal data may have significant financial, legal or other consequences.
Choose between ‘Very Likely’, ‘Likely’, ‘Unlikely’, ‘Very Unlikely’ probability of loss of availability.
The probability assessment may depend on whether there has been a loss of availability of personal data in this process in the past, or whether the relevant organisational or technical security measures in the process or in the systems have been deemed to be weak. (security measures are what the organisation does to manage risks)
State the reasons for your assessments in the description box.
Once the risk is documented, the legal officer must validate that the current status can be accepted in accordance with EU GDPR. You can view existing validations by clicking ‘View validation log’ and ‘View more’.